Usage scenario 2:
Although the project is configured with Spring BlazeDS Integration, the login page is still a traditional HTML form submission.
This is supported too!
security-config.xml:
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">

    <http entry-point-ref="entryPoint">
        <anonymous enabled="false" />
        <form-login login-page="/login.jsp"
            authentication-success-handler-ref="simpleLoginSuccessHandler" />
        <!-- This key must match the key of the rememberMeServices bean below -->
        <remember-me key="testdrive" services-ref="rememberMeServices" />
    </http>

    <beans:bean id="rememberMeServices"
        class="org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices">
        <beans:property name="key" value="testdrive"/>
        <beans:property name="alwaysRemember" value="true"/>
    </beans:bean>

    <beans:bean id="entryPoint"
        class="org.springframework.flex.security3.FlexAuthenticationEntryPoint" />

    <!-- Custom hook that runs after a successful form login -->
    <beans:bean id="simpleLoginSuccessHandler" class="test.SimpleLoginSuccessHandler">
        <beans:property name="defaultTargetUrl" value="/secured/secured.html"></beans:property>
        <beans:property name="forwardToDestination" value="false"></beans:property>
    </beans:bean>

    <!-- In-memory test accounts with plain-text passwords -->
    <authentication-manager>
        <authentication-provider>
            <user-service>
                <user name="john" password="john" authorities="ROLE_USER" />
                <user name="admin" password="admin" authorities="ROLE_USER, ROLE_ADMIN" />
                <user name="guest" password="guest" authorities="ROLE_GUEST" />
            </user-service>
        </authentication-provider>
    </authentication-manager>
</beans:beans>
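Note that I configured authentication-success-handler-ref="simpleLoginSuccessHandler" here. Its purpose is to provide a hook after a successful login where you can run your own code (for example, persisting the user's login information, obtaining the user's IP, or querying the database for user information).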
SimpleLoginSuccessHandler:
package test;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.DefaultRedirectStrategy;
import org.springframework.security.web.RedirectStrategy;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
public class SimpleLoginSuccessHandler implements AuthenticationSuccessHandler,
        InitializingBean {

    protected Log logger = LogFactory.getLog(getClass());
    private String defaultTargetUrl;
    private boolean forwardToDestination = false;
    private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();

    public String getDefaultTargetUrl() {
        return defaultTargetUrl;
    }

    public void setDefaultTargetUrl(String defaultTargetUrl) {
        this.defaultTargetUrl = defaultTargetUrl;
    }

    public boolean isForwardToDestination() {
        return forwardToDestination;
    }

    public void setForwardToDestination(boolean forwardToDestination) {
        this.forwardToDestination = forwardToDestination;
    }

    @Override
    public void afterPropertiesSet() throws Exception {
        // Fail at startup rather than at the first login if the target URL is missing.
        if (this.defaultTargetUrl == null || this.defaultTargetUrl.length() == 0) {
            throw new IllegalArgumentException("defaultTargetUrl must be set");
        }
    }

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request,
            HttpServletResponse response, Authentication authentication)
            throws IOException, ServletException {
        // TODO: code you want to run after a successful login goes here.
        if (this.forwardToDestination) {
            logger.info("Login success, forwarding to " + this.defaultTargetUrl);
            request.getRequestDispatcher(this.defaultTargetUrl).forward(
                    request, response);
        } else {
            logger.info("Login success, redirecting to " + this.defaultTargetUrl);
            this.redirectStrategy.sendRedirect(request, response,
                    this.defaultTargetUrl);
        }
    }
}
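One way to fill the post-login hook described above with a login audit record (user name and client IP). This is an added example, not code from the original post; the class name AuditingLoginSuccessHandler and the logger name audit.login are assumptions.

```java
package test;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.WebAuthenticationDetails;

// Hypothetical subclass (not part of the original post): adds an audit record
// to the hook in SimpleLoginSuccessHandler, then keeps its redirect/forward.
public class AuditingLoginSuccessHandler extends SimpleLoginSuccessHandler {

    // Separate logger name (an assumption) so audit lines can be routed to their own file.
    private final Log audit = LogFactory.getLog("audit.login");

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request,
            HttpServletResponse response, Authentication authentication)
            throws IOException, ServletException {
        // Prefer the address Spring Security captured when the credentials
        // were submitted; fall back to the current request otherwise.
        String remoteAddr = request.getRemoteAddr();
        Object details = authentication.getDetails();
        if (details instanceof WebAuthenticationDetails) {
            remoteAddr = ((WebAuthenticationDetails) details).getRemoteAddress();
        }

        audit.info("login ok user=" + clean(authentication.getName())
                + " ip=" + clean(remoteAddr)
                + " authorities=" + authentication.getAuthorities());

        // Continue with the configured defaultTargetUrl handling.
        super.onAuthenticationSuccess(request, response, authentication);
    }

    // Replace CR/LF and other control characters so a crafted user name
    // cannot inject forged lines into the audit log.
    static String clean(String value) {
        return value == null ? "-" : value.replaceAll("\\p{Cntrl}", "_");
    }
}
```

To use it, set the class of the simpleLoginSuccessHandler bean in security-config.xml to test.AuditingLoginSuccessHandler; the two properties stay the same. Behind a reverse proxy the recorded address is the proxy's, not the client's.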
login.jsp:
<%@ taglib prefix='c' uri='http://java.sun.com/jstl/core_rt' %>
<!-- Not used unless you declare a <form-login login-page="/login.jsp"/> element -->
<html>
<head>
<title>CUSTOM SPRING SECURITY LOGIN</title>
</head>
<body onload="document.f.j_username.focus();">
<h1>CUSTOM SPRING SECURITY LOGIN</h1>
<P>Valid users:</P>
<P/>
<P>username <b>john</b>, password <b>john</b>
<P>username <b>admin</b>, password <b>admin</b>
<br>username <b>guest</b>, password <b>guest</b></P>
<p/>
<%-- this form-login-page form is also used as the
form-error-page to ask for a login again.
--%>
<c:if test="${not empty param.login_error}">
<font color="red">
Your login attempt was not successful, try again.<br/><br/>
Reason: <c:out value="${SPRING_SECURITY_LAST_EXCEPTION.message}"/>.
</font>
</c:if>
<form name="f" action="<c:url value='j_spring_security_check'/>" method="POST">
<table>
<tr><td>User:</td><td><input type='text' name='j_username' value='<c:if test="${not empty param.login_error}"><c:out value="${SPRING_SECURITY_LAST_USERNAME}"/></c:if>'/></td></tr>
<tr><td>Password:</td><td><input type='password' name='j_password'></td></tr>
<tr><td colspan='2'><input name="submit" type="submit"></td></tr>
<tr><td colspan='2'><input name="reset" type="reset"></td></tr>
</table>
</form>
</body>
</html>
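So here is the problem: simpleLoginSuccessHandler is only called after a successful HTTP form login!
If the login succeeds through the Flex UI, simpleLoginSuccessHandler is not called. What if I want the Java side to do something after a successful Flex UI login?
See: Spring Security in Spring BlazeDS Integration (3)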